Vulnerability in Moodle

CVE-2024-38277

A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two.

EPSS: 0.002 (40.2th percentile) — read the EPSS interpretation.

Affected products

Moodle — versions 4.4, 4.3, 4.2

Weakness classification (CWE)

CWE-324 — Use of a Key Past its Expiration Date

References